
SANS report shows security logs no longer “geek toys”

Organizations use security log data to a greater extent than ever before, according to the 2009 Annual Log Management Survey from the SANS Institute.

In fact, use of log data has mushroomed in recent years. In 2007, 56 percent of survey respondents collected logs, but in 2009 the figure jumped to 87 percent.

The top reason organizations collect log data is for security event detection, the survey showed. That means tracking suspicious behavior and monitoring user activity online. Other reasons, according to the survey, are for forensic analysis, operations/process control and regulatory compliance. As to compliance, organizations indicated that they wanted to make use of the terabytes of logs they've already gathered in complying with regulations.

In addition, organizations increasingly integrated log data with their security information and event management (SIEM) systems, according to the survey. More than 30 percent of respondents said they are integrating log management with SIEM, and a further 26 percent plan to do so.

“The tide has turned,” report author Jerry Shenk, senior analyst for the SANS Institute, wrote in his summary. “Log management is no longer a toy just for the geeks.”

“As this year's survey indicates, some keys to success in a log management initiative include getting started, integrating log management into the normal workflow or process, measuring effectiveness, and automating functions like normalization and reporting,” he added.

SANS has surveyed the log management industry every spring since 2005. The surveys afford insights into why people use logs, what problems they encounter and what users would like to see from vendors.
